An Introduction to Enterprise PKS

Background

The evolution of applications to become cloud native plays a significant part in any CIO’s current digital transformation portfolio. To begin this transformation the development team typically starts small by building a few containers, but these very quickly add up. Manual deployment of this supposedly agile technology limits how many releases can be performed.

To get around this stumbling block, an orchestration tool for these containers is a big enabler for taking that next step. The de facto standard for this orchestration has become Kubernetes. Originally developed by Google, it is now looked after by the Cloud Native Computing Foundation (CNCF) as an open source project.

Kubernetes is incredibly powerful, but it also requires a significant investment, either in time spent upskilling existing staff or in recruiting those skills. Once you have the skills needed to build your own Kubernetes clusters, those clusters still need to be built, tuned and monitored manually, and this repeats every time additional requirements are introduced. When a new version of Kubernetes is released, the upgrade of each cluster has to be scheduled individually around the people available to do it. This complexity only increases as the Kubernetes estate grows.

But didn’t you deploy Kubernetes to reduce the manual deployments and increase the speed of release for each iteration of software?

Enterprise PKS

Pivotal Container Service, PKS (the ‘K’ being a nod to Kubernetes), was developed in conjunction with Google and VMware® to address some of those concerns by layering on automation and support. Pivotal’s stated goal when developing PKS was to provide self-service Kubernetes at scale.

Self-service is the key phrase in that statement. Once Enterprise PKS has been deployed and configured, a developer can request a new Kubernetes cluster and know that it will be delivered exactly the same as the last one. The developer doesn’t need to learn how to build Kubernetes: the cluster is delivered in an automated fashion using BOSH, and the request can easily be integrated into the development pipeline.

As PKS provides upstream Kubernetes, the developer’s toolset remains the same, providing familiarity and leveraging existing deployment skills. PKS abstracts the infrastructure layer away from the developer, enabling them to deploy additional functions declaratively without needing to worry about what happens behind the scenes.

PKS also offers built-in automated health checks and remediation of the Kubernetes clusters. When an upgrade is required, PKS can orchestrate the deployment of the new version of Kubernetes automatically.

Networking & Security

Enterprise PKS addresses a broad range of Kubernetes challenges, including networking, security, monitoring and logging, by including VMware NSX-T and Harbor.

To enable networking and security features such as load balancing and security policy within Kubernetes, each deployment would otherwise need a manually configured load balancer and a set of firewall rules configured by hand, every time. In a world where developers push new applications multiple times a day, this is a significant amount of work for the operations teams. The inclusion of NSX-T means the developer can declare these requirements within the deployment configuration, and PKS and NSX-T take care of the infrastructure underneath. When the deployment is removed, so is this additional infrastructure.
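As an added illustration (not from the original article and not VMware’s own documentation), the following manifest is the kind of declaration a developer commits alongside the application instead of raising a ticket for a load balancer and firewall rules. The namespace, labels, ports and the label used to identify the cluster DNS pods are assumed for this example. On an Enterprise PKS cluster with NSX-T, the Service of type LoadBalancer is realised as an NSX-T load balancer and each NetworkPolicy as distributed firewall rules; all of it is created when the manifest is applied and removed when it is deleted.

```yaml
# Added example, not from the original article. Names, namespace, labels and
# ports are assumed for illustration.
#
# 1. Deny all traffic to and from every pod in the namespace by default, so
#    anything not explicitly declared below is blocked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: shop
spec:
  podSelector: {}            # empty selector matches every pod in the namespace
  policyTypes:
    - Ingress
    - Egress
---
# 2. Expose the web tier. type: LoadBalancer asks the platform for an external
#    load balancer; with NSX-T this is created automatically and torn down when
#    the Service is deleted.
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: shop
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
    - name: https
      port: 443
      targetPort: 8443
---
# 3. The web pods may receive HTTPS from anywhere (they sit behind the load
#    balancer) and may only talk to the database tier and to cluster DNS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-tier
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        - protocol: TCP
          port: 8443
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: db
      ports:
        - protocol: TCP
          port: 5432
    - to:
        - namespaceSelector: {}   # any namespace ...
          podSelector:            # ... but only the cluster DNS pods
            matchLabels:
              k8s-app: kube-dns   # label assumed; check your cluster's DNS pods
      ports:
        - protocol: UDP
          port: 53
---
# 4. The database accepts connections only from the web pods, on one port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-tier
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: db
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: web
      ports:
        - protocol: TCP
          port: 5432
```

Apply it with kubectl apply -f and remove it with kubectl delete -f; because the load balancer and firewall rules are derived from these objects, deleting them removes the underlying NSX-T configuration as well. The default-deny policy is the part most worth copying: a NetworkPolicy only restricts the pods it selects, so without it every pod you have not written a policy for stays reachable from anywhere in the cluster.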

Most container images are pulled from public registries, with no verification that the image you’re pulling down is the one you intended to use and no check of what vulnerabilities it contains. This creates security challenges for the organisation. With Harbor, container images are stored in a private registry that also offers image signing, so a deployment can verify that an image was published by a trusted party, and vulnerability scanning of the stored images.
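To show what consuming the private registry looks like from the developer’s side, here is an added example (not from the original article) of a Deployment that pulls from a Harbor project rather than a public registry. The registry hostname, project, image name, digest and secret name are placeholders; the kubectl command in the comment is the standard way to create a pull secret.

```yaml
# Added example, not from the original article. The registry hostname, project,
# image name, digest and secret name are placeholders.
#
# Kubernetes authenticates to the private Harbor registry with a pull secret.
# The secret holds a base64-encoded Docker config.json and is easiest to create
# with (credentials are those of a Harbor user or robot account):
#   kubectl create secret docker-registry harbor-pull -n shop \
#     --docker-server=harbor.example.com --docker-username=... --docker-password=...
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: shop
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      imagePullSecrets:
        - name: harbor-pull          # secret created with the command above
      containers:
        - name: web
          # Pull from the private Harbor project, not from a public registry,
          # and pin the exact image by digest rather than by a mutable tag, so
          # the image that was signed and scanned in Harbor is the one that
          # runs. Placeholder digest: copy the real one from Harbor.
          image: harbor.example.com/shop/web@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
          ports:
            - containerPort: 8443
```

Pinning by digest is what makes the signing and scanning meaningful: a tag such as latest can be repointed at a different image after it was scanned, whereas a digest identifies one immutable image. Harbor’s per-project settings can additionally be configured to serve only signed images and to refuse pulls of images whose scan results exceed a chosen severity, which turns the registry into an enforcement point rather than just storage.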

PKS options

Enterprise PKS is the all-inclusive option; there are other options available:

Essentials PKS – Introduced in early 2019 following the acquisition of Heptio, Essentials PKS offers a more modular approach to building your Kubernetes platform. Instead of using BOSH to deploy and manage Kubernetes clusters, they are built using your existing toolsets. NSX-T is also not included in this version, leaving the networking decisions to you. Essentials PKS also offers a design validation service and VMware support, giving you an escalation point for peace of mind.

Cloud PKS (in beta at the time of writing) – This SaaS offering is operated by VMware on a public cloud. All you need to do is consume the service and deploy your apps. It deploys clusters directly to AWS, with other cloud providers expected to follow shortly.

Closing Thoughts

The move to cloud native applications is gathering pace. The move to containers and microservices means there are more moving parts to an application, which means more work for your operations teams. Kubernetes solves some problems while creating others. Enterprise PKS provides a turnkey solution, so you know exactly what you’re going to get. As a packaged solution it bridges the gap between legacy infrastructure and being able to increase development cadence, accelerating the time to business value.

As an independent cloud consulting business, Xtravirt have been designing and delivering cloud and digital transformation solutions for many years. If you are looking to extend your capability with cloud native applications and orchestration, we can provide advisory, design and implementation services to create the right solution for your organisation. Contact us to find out more.

James McLeod is a Technical Consultant at Xtravirt with expert skills in server virtualisation, desktop virtualisation, enterprise networking and enterprise storage. He has extensive experience in implementing business-led solutions across a range of verticals, including banking, insurance, legal, healthcare and aerospace.